From 1bf8939e2fb8e6d4fdab4424e80a78a2ca65d2aa Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 6 Oct 2010 22:43:04 +0000 Subject: [PATCH] further updates --- lib/controller/checks.py | 16 ++++++---------- lib/core/common.py | 9 +++++++++ lib/core/testing.py | 8 ++------ lib/utils/detection.py | 8 ++------ 4 files changed, 19 insertions(+), 22 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index e045c5303..048736928 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -22,18 +22,16 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ -import codecs import re import socket import time -from xml.dom import minidom - from lib.core.agent import agent from lib.core.common import getUnicode from lib.core.common import preparePageForLineComparison from lib.core.common import randomInt from lib.core.common import randomStr +from lib.core.common import readXmlFile from lib.core.common import DynamicContentItem from lib.core.convert import md5hash from lib.core.data import conf @@ -69,18 +67,12 @@ def checkSqlInjection(place, parameter, value, parenthesis): if conf.postfix: postfix = conf.postfix - f = codecs.open(paths.INJECTIONS_XML, 'r', conf.dataEncoding) - injections = minidom.parse(f).documentElement - f.close() + injections = readXmlFile(paths.INJECTIONS_XML) for case in injections.getElementsByTagName("case"): tag = case.getAttribute("tag") desc = case.getAttribute("desc") - infoMsg = "testing %s injection " % desc - infoMsg += "on %s parameter '%s'" % (place, parameter) - logger.info(infoMsg) - positive = case.getElementsByTagName("positive")[0] negative = case.getElementsByTagName("negative")[0] 
@@ -89,6 +81,10 @@ def checkSqlInjection(place, parameter, value, parenthesis): if not prefix and not postfix and tag == "custom": continue + + infoMsg = "testing %s injection " % desc + infoMsg += "on %s parameter '%s'" % (place, parameter) + logger.info(infoMsg) payload = agent.payload(place, parameter, value, format % eval(params)) diff --git a/lib/core/common.py b/lib/core/common.py index 08d864dc3..1b0e654a3 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -44,6 +44,7 @@ from subprocess import Popen as execute from tempfile import NamedTemporaryFile from tempfile import mkstemp from xml.etree import ElementTree as ET +from xml.dom import minidom from xml.sax import parse from extra.cloak.cloak import decloak @@ -1218,6 +1219,7 @@ def getConsoleWidth(default=80): return width if width else default def parseXmlFile(xmlFile, handler): + checkFile(xmlFile) xfile = codecs.open(xmlFile, 'rb', conf.dataEncoding) content = xfile.read() stream = StringIO(content) @@ -1225,6 +1227,13 @@ def parseXmlFile(xmlFile, handler): stream.close() xfile.close() +def readXmlFile(xmlFile): + checkFile(xmlFile) + xfile = codecs.open(xmlFile, 'r', conf.dataEncoding) + retVal = minidom.parse(xfile).documentElement + xfile.close() + return retVal + def calculateDeltaSeconds(start, epsilon=0.05): """ Returns elapsed time from start till now (including expected diff --git a/lib/core/testing.py b/lib/core/testing.py index 72674dfbd..aa31a5629 100644 --- a/lib/core/testing.py +++ b/lib/core/testing.py @@ -21,7 +21,6 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ -import codecs import doctest import logging import os 
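Review bot: The context line `payload = agent.payload(place, parameter, value, format % eval(params))`, directly below the moved log message, still runs `eval()` on `params`, and this commit leaves it untouched. Where `params` is assigned is outside the hunk; if it is read from the injections XML that `readXmlFile(paths.INJECTIONS_XML)` now loads, then whoever can modify that file controls Python code executed in the tool's process. A comment at that line should state the trust assumption, e.g. `# params is eval()'d: the injections XML must be a trusted, locally shipped file`, or the expression could be replaced by an explicit lookup of the few values the templates need. checkSqlInjection starts and ends outside this hunk.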
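Review bot: In the new `readXmlFile` in lib/core/common.py, `xfile.close()` is skipped when `minidom.parse()` raises on malformed XML, so the handle stays open until it is garbage collected; the parse should sit inside `try`/`finally`. `parseXmlFile` in the preceding hunk has the same open/parse/close shape and would benefit from the same change, although only its `checkFile` line is new in this commit. The helper also has no docstring; it should say that it returns the document element and that `xml.dom.minidom` is not hardened against maliciously constructed XML, so the function is meant for the tool's own bundled files and not for content received from a target. What `checkFile` does when the file is missing is not visible in this diff.

```python
def readXmlFile(xmlFile):
    # … unchanged: checkFile call …
    xfile = codecs.open(xmlFile, 'r', conf.dataEncoding)
    try:
        retVal = minidom.parse(xfile).documentElement
    finally:
        xfile.close()
    return retVal
```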
@@ -31,12 +30,11 @@ import sys import tempfile import time -from xml.dom import minidom - from lib.controller.controller import start from lib.core.common import dataToStdout from lib.core.common import getCompiledRegex from lib.core.common import getConsoleWidth +from lib.core.common import readXmlFile from lib.core.data import conf from lib.core.data import logger from lib.core.data import paths @@ -112,9 +110,7 @@ def liveTest(): count = 0 global_ = {} vars_ = {} - xfile = codecs.open(paths.LIVE_TESTS_XML, 'r', conf.dataEncoding) - livetests = minidom.parse(xfile).documentElement - xfile.close() + livetests = readXmlFile(paths.LIVE_TESTS_XML) length = len(livetests.getElementsByTagName("case")) element = livetests.getElementsByTagName("global") diff --git a/lib/utils/detection.py b/lib/utils/detection.py index c4338a0ef..ffd5f80f9 100644 --- a/lib/utils/detection.py +++ b/lib/utils/detection.py @@ -22,13 +22,11 @@ with sqlmap; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA """ -import codecs import re import sre_constants -from xml.dom import minidom - from lib.core.common import getCompiledRegex +from lib.core.common import readXmlFile from lib.core.data import conf from lib.core.data import paths from lib.core.data import logger @@ -53,9 +51,7 @@ def checkPayload(string): global rules if not rules: - xfile = codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding) - xmlrules = minidom.parse(xfile).documentElement - xfile.close() + xmlrules = readXmlFile(paths.DETECTION_RULES_XML) rules = [] for xmlrule in xmlrules.getElementsByTagName("filter"):
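Review bot: With the `codecs.open(paths.DETECTION_RULES_XML, 'r', conf.dataEncoding)` call removed from `checkPayload`, no visible line of lib/utils/detection.py uses `conf` any more, yet `from lib.core.data import conf` remains in that file's import hunk. If nothing else in the file reads `conf`, that import should be dropped together with `codecs` and `minidom`. The rest of the file is outside the diff, so this needs a quick search before removing it.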